This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SUMs are not updating at scheduled timing

Hi,

 

We have a client with about 130 branches. All these branches have one SUM, so we have 130 SUMs. I have applied a update schedule to these SUMs to only update after workhours, e,g as below: 

 

 

So as per the above pic, the SUMs should only update before 8AM and after 8PM. But still they are updating during these hours ? Pic of SUMs below 

 

 

Now because of this, we are facing lots of bandwidth crunch due to Sophos updates during business hours. The link speed between central and one branch is 512 kbps.  

One more thing to consider is that the SUMs do not have any internet access. What can be a workaround to this situation ? I am trying to get help from Sophos Support but so far it has not worked out.



This thread was automatically locked due to age.
Parents
  • Hello Kandarp Desai1,

    under Schedule there are two settings - threat detection data updates and software updates.
    Threat detection data applies to IDE updates and new versions of detection data (VDL, currently 5.56) and other supplements. For these you can define an interval of up to 24 hours but no specific schedule. New IDEs should normally not cause problems as only a few 100k are transferred. Detection data updates and Patch feed updates (that also belong to supplements) are larger, a few 100MB and 50+MB respectively and this might be "too much".

    SUMs should only update before 8AM and after 8PM
    this is a misconception - the SUMs would not look for and download software updates during the No updates period, this does not apply to threat detection data updates though.

    The problem is that you can't control the larger detection data updates - other than setting the interval to 24 hours which isn't a good idea as delivery of the latest detection data is unduly delayed. I haven't checked if the start of the timer is set to the current time when you change the interval.

    Christian

  • Hi christian,

    Thanks for your reply

    I understood it now why the SUMs are showing the time between 8am and 8pm, it is the threat detection data.

    I am currently changing all these to 720 minutes. 

    Is there anyway to throttle the bandwidth between SEC and SUMs ? AFAIK there is only an option to throttle bandwidth between endpoints and SUMs (via updating policy).

    Also, it would be great if you can tell me how much data approximately is the data transferred for threat detection daily, as you said around 50MB daily ? 

    What would be the difference in last binary update V/S last protection data update ( as shown after double clicking on a SUM )

  • Hello Kandarp Desai1,

    throttling is only available for endpoint updating.

    50MB daily
    50MB are for a certain file related to Patch, dunno how often this file is actually updated. I'll keep an eye on it.

    If I'm not mistaken an update check transfers far less than 100kB, IDE updates are normally between 50 and 300kB per day. Depending on the interval the total amount per day likely doesn't exceed 10MB.

    Christian

Reply Children
No Data